DETAILED ACTION

1. This Office Action is in response to the original application filed on 5/19/05.

2. Claims 1-15 are pending. 

Priority 

3. Receipt is acknowledged of papers submitted under 35 U.S.C. 119(a)-(d), which
papers have been placed of record in the file. 

Information Disclosure Statement 

4. The Information Disclosure Statement (IDS) submitted on 5/19/05 has been 
considered (see attached PTO 1449). 

Oath/Declaration 

5. The Oath filed on 5/19/05 complies with all the requirements set forth in MPEP 
602 and therefore is accepted. 

Drawings 

6. The drawings were received on 5/19/05. These drawings are accepted. 

Specification 

7. The specification filed on 5/19/05 is accepted.

8. Claims 1 and 7 are objected to because of the following informalities: Claims 1
and 7 recite "STT" in abbreviated form, STT needs to be spelled out. Appropriate 
correction is required. 

Claim Rejections - 35 USC § 102 

9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

10. Claims 1-2 and 5-8 are rejected under 35 U.S.C. 102 (e) as being anticipated by 
Moran et al. (hereinafter Moran) 7,299,277. 

As per claim 1:

Moran teaches an apparatus connected between a network access unit and a 
network to be protected, for protecting legitimate traffic from DoS and DDoS attacks, 
comprising: 

a high-priority queue; (figure 40; col. 46, lines 55-58; a high priority queue)

a low-priority queue; (figure 40; col. 46, lines 55-58; a low priority queue)

a queue information table having specific STT service queue information of a
specific packet; (col. 27, lines 15-17; a priority filter table (CAM), which contains
information to the priority flows e.g. address pairs, etc.)

a queue coordinator for updating the queue information table based on a load of
a provided STT and a load of the high-priority queue; (col. 27, lines 61-67; the flow
processor to give a set of priority to a set of flows that contain a provisional (or other)
address pairs corresponding to packets of interest)

a packet classifier for receiving a packet from the network access unit, 
investigating an STT service queue of the received packet from the queue information 
table, selectively transferring the received packet to the high-priority queue or the low- 
priority queue in accordance with an investigation result (col. 46, lines 53-57; the flows
are prioritized into high and low priority flows. High priority flows are stored in high- 
priority queue while low priority flows are stored in low-priority queues) and providing 
information on the received packet to the queue coordinator; (col. 45, line 32- col. 46,
line 56; Flow Classification Engine... the Flow Classification engine writes back L3 or 
other addresses for selected flows to the CAM priority flow); and 

a buffer for buffering outputs of the high-priority queue and the low-priority queue 
and providing buffered outputs to the network to be protected, (col. 2, line 15; flow
processor filters and buffers the collected data; col. 30, lines 30-32; the buffer space for
each queue varies dynamically based on the arrival of classified packet; col. 46, lines
61-62; buffers from low-priority queue can be reallocated to the high-priority queue)

As per claim 2:

Moran teaches all the subject matter as discussed above. In addition, Moran 
further discloses wherein the network to be protected comprises a server, (col. 4, lines
36; server)

As per claim 5: 

Moran teaches all the subject matter as discussed above. In addition, Moran 
further discloses wherein a maximum load of the high-priority queue and the low-priority 
queue is set to be a maximum allowable load of the network to be protected, (col. 46, 
lines 61-62; buffers from low-priority queue can be reallocated to the high-priority 
queue) 

As per claim 6: 

Moran teaches all the subject matter as discussed above. In addition, Moran 
further discloses wherein the network to be protected comprises a server, (col. 4, lines
36; server)

As per claim 7:

Moran teaches a method for protecting legitimate traffic from DoS and DDoS 
attacks in an apparatus therefor, wherein the apparatus is connected between a 
network access unit and a network to be protected and includes a queue information 
table having specific STT service queue information of a specific packet, a queue 
coordinator for updating the queue information table based on a load of a provided STT 
and a load of a high-priority queue and a packet classifier for receiving a packet from 
the network access unit, investigating an STT service queue of a received packet from 
the queue information table, selectively transferring the received packet to the high- 
priority queue or the low-priority queue in accordance with an investigation result and 
providing information on the received packet to the queue coordinator, the method
comprising the steps of: 

(a) obtaining an STT ID based on a source IP address of the packet received 
from the network access unit; (col. 27, lines 15-17; a priority filter table (CAM), which 
contains information to the priority flows e.g. address pairs, etc; col. 73, lines 26-28; 
only packets that match a specific set of MAC addresses (source or destination) may be 
included. Additionally, only packets that include a specific VLAN Group can be included) 

(b) investigating a service queue corresponding to the searched STT ID from the 
queue information table and checking whether the service queue is the high-priority 
queue or the low-priority queue; (figure 40; col. 46, lines 55-58; a low priority queue) 

(c) transferring the received packet to the high-priority queue if the service queue 
is the high-priority queue in the step (b); (figure 40; col. 46, lines 55-58; a high priority 
queue) 

(d) transferring the received packet to the low-priority queue if the service queue 
is the low-priority queue in the step (b); (col. 46, lines 53-57; the flows are prioritized into 
high and low priority flows. High priority flows are stored in high-priority queue while low 
priority flows are stored in low-priority queues) and 

(e) transferring the received packet information to the queue coordinator, (col. 27, 
lines 61-67; the flow processor to give a set of priority to a set of flows that contain a 
provisional (or other) address pairs corresponding to packets of interest) 

As per claim 8:

Moran teaches all the subject matter as discussed above. In addition, Moran
further discloses wherein the network to be protected comprises a server, (col. 4, lines 
36; server) 

Claim Rejections - 35 USC § 103 

11. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

12. Claim 3 is rejected under 35 U.S.C. 103(a) as being unpatentable over Moran et 
al. (hereinafter Moran) 7,299,277 in view of Bremler-Barr et al. (hereinafter Bremler- 
Barr) US 2003/0076848. 

As per claim 3: 

Moran teaches all the subject matter as discussed above. In addition, Moran 
further discloses wherein the information on the received packet includes a packet size 
and an index of the queue information table for representing STT information of the 
packet (col. 27, lines 15-17; a priority filter table (CAM), which contains information to 
the priority flows e.g. address pairs, etc.). Moran does not explicitly disclose information 
includes a packet arrival time. Bremler-Barr in analogous art, however, discloses 
information includes a packet arrival time (page 5, paragraph [101]; arrival times of the 
packet). Therefore it would have been obvious to one of ordinary skill in the art at the time
the invention was made to modify the system disclosed by Moran with Bremler-Barr in
order to determine the next packet service completion time (paragraph [101]; Bremler-
Barr). 

13. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Moran et 
al. (hereinafter Moran) 7,299,277 in view of Dobson US 6,650,643. 

As per claim 4: 

Moran teaches all the subject matter as discussed above. In addition, Moran 
teaches wherein the queue information table has fields including an STT ID, a service 
queue (col. 27, lines 15-17; a priority filter table (CAM), which contains information to the
priority flows e.g. address pairs, etc; col. 73, lines 26-28; only packets that match a 
specific set of MAC addresses (source or destination) may be included. Additionally, 
only packets that include a specific VLAN Group can be included). Moran does not 
explicitly disclose wherein the queue information table has an average load, a recent 
load calculation time and a total packet size. Dobson in analogous art, however, 
discloses wherein the queue information table has an average load, a recent load 
calculation time and a total packet size (col. 6, lines 17-31; after calculating the current 
load, the load integrator calculates the average load at a pre-defined interval). Therefore 
it would have been obvious to one of ordinary skill in the art at the time the invention was
made to modify the system disclosed by Moran with Dobson in order to calculate 
current load and an average load for the processor based on the result from the load 
calculator performing the load calculator task (col. 4, lines 36-37; Dobson). 

14. Claims 9-11 and 13-15 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Moran et al. (hereinafter Moran) 7,299,277 in view of Dobson US 6,650,643.

As per claim 9:

Moran teaches all the subject matter as discussed above. In addition, Moran 
further discloses (a') calculating an average load of an STT corresponding to the packet 
information transferred from the packet classifier; (col. 30, lines 30-67; to manage
aggregate packet rate and avoid dropped packets, the expert task monitors the average 
depth of the priority queue and may selectively discard flows from the priority filter) (b') 
resetting an STT service queue based on the calculated average load of the STT; (col. 
30, lines 30-67; the buffer space for each queue varies dynamically based on the arrival 
of a classified packet that meet the priority criteria and as the number of flows 
increases, buffers are reallocated. To manage aggregate packet rate and avoid
dropped packets, the expert task monitors the average depth of the priority queue and 
may selectively discard flows from the priority filter) (c') calculating an average load of 
the high-priority queue; (col. 46, lines 60-62; Buffers from both the high and low priority 
queue can be reallocated if the amount of data surpasses a predetermined threshold.) 
Moran does not explicitly disclose resetting a certain STT service queue based on the 
calculated average load of the high priority queue; and storing the reset STT information 
in the queue information table. Dobson in analogous art, however, discloses (d') 
resetting a certain STT service queue based on the calculated average load of the high- 
priority queue; (col. 8, lines 57-64; the load integrator issues a re-start instruction to the 
load calculator in order to determine the next current load) and (e') storing the reset STT 
information in the queue information table, (col. 8, lines 61-64; the load integrator may 
calculate and store a current load and an average load for the processor) Therefore it 
would have been obvious to one of ordinary skill in the art at the time the invention was
made to modify the system disclosed by Moran with Dobson in order to calculate
current load and an average load for the processor based on the result from the load
calculator performing the load calculator task (col. 4, lines 36-37; Dobson).

As per claim 10:

The combination of Moran and Dobson teaches all the subject matter as 
discussed above. In addition, Dobson further discloses wherein the modified STT 
information refers to a modified average load and service queue, (col. 8, lines 61-64; the
load integrator may calculate and store a current load and an average load for the
processor)

As per claim 11:

The combination of Moran and Dobson teaches all the subject matter as 
discussed above. In addition, Dobson further discloses wherein the step (a') further 
includes the steps of: (a'1) calculating a total packet size based on the packet
information transferred from the packet classifier; (col. 6, lines 17-31; after calculating 
the current load, the load integrator calculates the average load at a pre-defined 
interval) (a'2) checking whether it is time to recalculate an average load; (col. 6, lines
17-31; after calculating the current load, the load integrator calculates the average load 
at a pre-defined interval) (a'3) calculating a new average load by using a previous 
average load and a current average load based on the total packet size if it is time to 
recalculate the average load in the step (a'2); (col. 8, lines 50-64; the load integrator 
discards the oldest prior load and stores the current load, ...the load calculator 
calculates the average load) and (a'4) performing an STT service queue determination
algorithm based on the load of the STT if it is not time to recalculate the average load or
subsequent to executing the step (a'3). (col. 8, lines 57-64; the load integrator issues a
re-start instruction to the load calculator in order to determine the next current load)

As per claim 13:

The combination of Moran and Dobson teaches all the subject matter as 
discussed above. In addition, Moran further discloses wherein the step (b') further 
includes the steps of: (b'1) setting an STT service queue of a received packet to be a
the low-priority queue if an STT load of the received packet is greater than an allowable 
load when the high-priority queue is in a congested state; (col. 48, lines 5-8; as the
priority queue water-level approaches a "minimum head room" threshold, flows are 
randomly discarded from priority set a, relegating them back to non-priority queue) (b'2) 
randomly choosing one STT using a low-priority queue from the queue information table 
if the service queue of the STT corresponding to the received packet is a high-priority 
queue; (col. 48, lines 8-9; During this time, the flow processor may only service the
priority queue) (b'3) setting an STT service queue of a low load to be a high-priority 
queue and an STT service queue of a high load to be a low-priority queue if an average 
load of an STT corresponding to the received packet is greater than that of the 
randomly chosen STT; (col. 30, lines 30-67; to manage aggregate packet rate and avoid
dropped packets, the expert task monitors the average depth of the priority queue and 
may selectively discard flows from the priority filter) (b'4) randomly choosing one STT 
using a high-priority queue from the queue information table if the service queue of the 
STT corresponding to the received packet is a low-priority queue; (col. 30, lines 30-67;
to manage aggregate packet rate and avoid dropped packets, the expert task monitors 
the average depth of the priority queue and may selectively discard flows from the 
priority filter) and (b'5) setting an STT service queue of a low load to be a high-priority 
queue and the STT service queue of a high load to be a low-priority queue if an average 
load of an STT corresponding to the received packet is smaller than that of the 
randomly chosen STT. (col. 30, lines 30-32; the buffer space for each queue varies 
dynamically based on the arrival of classified packet; col. 46, lines 61-62; buffers from 
low-priority queue can be reallocated to the high-priority queue)

As per claim 14:

The combination of Moran and Dobson teaches all the subject matter as 
discussed above. In addition, Dobson further discloses wherein the step (c') further 
includes the steps of: (c'1) determining an STT service queue based on a load of an
STT; (col. 6, lines 17-31; after calculating the current load, the load integrator calculates 
the average load at a pre-defined interval) (c'2) calculating a total packet size served 
through a high-priority queue if the service queue used by the received packet is a high- 
priority queue; (col. 6, lines 17-31; after calculating the current load, the load integrator 
calculates the average load at a pre-defined interval) (c'3) calculating an average load 
of a high-priority queue if it is time to recalculate a load; (col. 8, lines 50-64; the load 
integrator discards the oldest prior load and stores the current load, ...the load calculator 
calculates the average load) (c'4) resetting a certain STT service queue based on the 
load of the high-priority queue; and (c'5) storing modified STT information in the queue 
information table, (col. 8, lines 57-64; the load integrator issues a re-start instruction to
the load calculator in order to determine the next current load)

As per claim 15:

The combination of Moran and Dobson teaches all the subject matter as 
discussed above. In addition, Moran further discloses wherein the step (d') includes the 
steps of: (d'1) calculating an average load of a high-priority queue; (col. 48, lines 5-8; as
the priority queue water-level approaches a "minimum head room" threshold, flows are
randomly discarded from priority set a, relegating them back to non-priority queue) (d'2) 
randomly choosing one STT using a high-priority queue and setting a queue of the STT 
to low-priority if the load of the high-priority queue is in a congested state; (col. 48, lines
8-9; During this time, the flow processor may only service the priority queue) (d'3) 
randomly choosing one STT using a low-priority queue and setting a queue of the STT 
to high-priority if the load of the high-priority queue is in an idle state; (col. 30, lines 30-
67; to manage aggregate packet rate and avoid dropped packets, the expert task 
monitors the average depth of the priority queue and may selectively discard flows from 
the priority filter) and (d'4) storing modified STT information in the queue information 
table if the load of the high-priority queue is in a stable state or the steps of (d'2) and 
(d'3) are performed, (col. 2, line 15; flow processor filters and buffers the collected data; 
col. 30, lines 30-32; the buffer space for each queue varies dynamically based on the 
arrival of classified packet; col. 46, lines 61-62; buffers from low-priority queue can be 
reallocated to the high-priority queue)

15. Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over Moran et
al. (hereinafter Moran) 7,299,277 in view of Dobson US 6,650,643 and in view of
Bremler-Barr et al. (hereinafter Bremler-Barr) US 2003/0076848.

As per claim 12:

The combination of Moran and Dobson teaches all the subject matter as 
discussed above. In addition, Moran further discloses wherein the packet information 
includes a packet size and a queue information table index and a corresponding STT. 
(col. 27, lines 15-17; a priority filter table (CAM), which contains information to the
priority flows e.g. address pairs, etc.). Both references do not explicitly disclose 
information includes a packet arrival time. Bremler-Barr in analogous art, however, 
discloses information includes a packet arrival time (page 5, pp. 101; arrival times of the
packet). Therefore it would have been obvious to one of ordinary skill in the art at the time
the invention was made to modify the system disclosed by Moran and Dobson with 
Bremler-Barr in order to determine the next packet service completion time (paragraph 
[101]; Bremler-Barr). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SHEWAYE GELAGAY whose telephone number is 
(571)272-4219. The examiner can normally be reached on 8:00 am to 5:30 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 


/S. G./
Examiner, Art Unit 2437

/Emmanuel L. Moise/
Supervisory Patent Examiner, Art Unit 2437
